0a85a97ba9
* Add atlassiancrowd connector to list in readme * Add TestIdentityFromCrowdUser * Set preferred_username claim when configured * Add preferredUsernameField option to docs * Log warning when mapping invalid crowd field
44 lines
2.1 KiB
Markdown
# Authentication through Atlassian Crowd

## Overview

Atlassian Crowd is a centralized identity management solution providing single sign-on and user identity.

The connector sends requests to the following [Crowd REST API](https://developer.atlassian.com/server/crowd/json-requests-and-responses/) endpoints:

* `/user` - to get user info
* `/session` - to authenticate the user

Offline access scope is supported by making a new request to the user authentication and user info endpoints.

## Configuration

To start using the Atlassian Crowd connector, first register an application in your Crowd instance as described in the [docs](https://confluence.atlassian.com/crowd/adding-an-application-18579591.html).

The following is an example of a configuration for dex `examples/config-dev.yaml`:

```yaml
connectors:
- type: atlassian-crowd
  # Required field for connector id.
  id: crowd
  # Required field for connector name.
  name: Crowd
  config:
    # Required field to connect to Crowd.
    baseURL: https://crowd.example.com/crowd
    # Credentials can be string literals or pulled from the environment.
    clientID: $ATLASSIAN_CROWD_APPLICATION_ID
    clientSecret: $ATLASSIAN_CROWD_CLIENT_SECRET
    # Optional groups whitelist, communicated through the "groups" scope.
    # If `groups` is omitted, all of the user's Crowd groups are returned when the groups scope is present.
    # If `groups` is provided, this acts as a whitelist - only the user's Crowd groups that are in the configured `groups` below will go into the groups claim.
    # Conversely, if the user is not in any of the configured `groups`, the user will not be authenticated.
    groups:
    - my-group
    # Prompt for username field.
    usernamePrompt: Login
    # Optionally set preferred_username claim.
    # If `preferredUsernameField` is omitted or contains an invalid option, the `preferred_username` claim will be empty.
    # If `preferredUsernameField` is set, the `preferred_username` claim will be set to the chosen Crowd user attribute value.
    # Possible choices are: "key", "name", "email"
    preferredUsernameField: name
```
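
The `groups` and `preferredUsernameField` comments above describe two decisions: which groups reach the token (and whether the login is allowed at all), and which Crowd attribute becomes `preferred_username`. The sketch below is an added example, not dex's own code; `crowdUser`, `filterGroups`, `preferredUsername` and the sample values are hypothetical names constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// crowdUser is a hypothetical stand-in for the record returned by Crowd's /user endpoint.
type crowdUser struct{ Key, Name, Email string }
var errNotInAllowedGroup = errors.New("user is not in any configured group")

// filterGroups applies the documented `groups` semantics: an empty allowlist passes
// every group through; otherwise only the intersection is kept, and an empty
// intersection denies the login instead of issuing a token without groups.
func filterGroups(userGroups, allowed []string) ([]string, error) {
	if len(allowed) == 0 {
		return userGroups, nil
	}
	allow := make(map[string]struct{}, len(allowed))
	for _, g := range allowed {
		allow[g] = struct{}{}
	}
	var kept []string
	for _, g := range userGroups {
		if _, ok := allow[g]; ok {
			kept = append(kept, g)
		}
	}
	if len(kept) == 0 {
		return nil, errNotInAllowedGroup
	}
	return kept, nil
}

// preferredUsername maps `preferredUsernameField` to a user attribute.
// An omitted or unrecognized value yields an empty claim.
func preferredUsername(u crowdUser, field string) string {
	switch field {
	case "key":
		return u.Key
	case "name":
		return u.Name
	case "email":
		return u.Email
	}
	return ""
}

func main() {
	// Constructed sample: user in two Crowd groups, one of them allowlisted.
	groups, err := filterGroups([]string{"my-group", "staff"}, []string{"my-group"})
	fmt.Println(groups, err, preferredUsername(crowdUser{Name: "jdoe"}, "name"))
}
```

Because an unrecognized `preferredUsernameField` produces an empty claim rather than an error, a relying party that keys on `preferred_username` should check the claim is present after any change to this setting.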